removed user primary group to enable default action, implemented solution for data restructure to avoid nested looping necessity, re-ordered last SSH access tasks

roles/init-server/tasks/ssh-users.yml

@@ -21,7 +21,7 @@
       ansible.builtin.user:
         name: "{{ item.username }}"
         comment: administrator
-        group: "{{ item.username }}"
+        # group: "{{ item.username }}"
         groups:
           - "{{ remote_group.name | default('remote') }}"
           - sudo # @NOTE used by Debian
@@ -39,39 +39,28 @@
       delegate_to: localhost
       when: item.username in (admin_users.results | map(attribute="name") | list)
       ansible.builtin.find:
-        paths: "{{ cnode_homedir | default('/home/' ~ ansible_user ~ '/.ssh') }}" # @TODO define 'cnode_homedir' in playbook
-        patterns: "{{ ['^'] | product(item.keys) | map('join') | list }}"
+        paths: "{{ local_facts['user_dir'] }}/.ssh" # @TODO define 'cnode_homedir' in playbook
+        patterns: "{{ ['^'] | product(item.ssh_keys) | map('join') | list }}"
         file_type: file
         use_regex: true
       loop: "{{ admins }}"
       register: admin_ssh_keypairs
+    - name: Creating list wherein each SSH public key is associated with a user
+      ansible.builtin.set_fact:
+        pubkey_users: "{{ [admin_users.results[idx].name] | product(admin_ssh_keypairs.results[idx].files | selectattr('path', 'search', '\\.pub$') | map(attribute='path')) }}"
+      loop: "{{ admins }}"
+      loop_control:
+        index_var: idx
     - name: Authorizing SSH public key for an administrative user
       become: true
       ansible.posix.authorized_key:
-        user: "{{ admin_users.results[idx] }}"
-        key: "{{ admin_ssh_keypairs.results[idx].files | selectattr('path', 'search', '\\.pub$') | map(attribute='path') | map('lookup', 'file') | list | map('join','\n') }}"
+        user: "{{ item[0] }}"
+        key: "{{ lookup('file', item[1]) }}"
         state: present
-      loop: "{{ admin_users.results }}"
-      loop_control:
-        index_var: idx
+      loop: "{{ pubkey_users }}"
       register: ssh_authorizations
       tags:
         - lan
-    - name: Allowing sole SSH access to users in group remote
-      when: ansible_facts["system"] == "Linux"
-      become: true
-      ansible.builtin.template:
-        src: sshd_config.d/allowance.conf.j2 # @TODO create corresponding role template file
-        dest: /etc/ssh/sshd_config.d/allowance.conf
-        owner: root
-        group: root
-        mode: "644"
-        force: true
-        backup: true
-        validate: "sshd -t %s"
-      register: ssh_gatekept
-      tags:
-        - lan
 - name: Setting approved SSH authentication procedures
   when: harden and ansible_facts["system"] == "Linux"
   become: true
@@ -83,8 +72,23 @@
     mode: "644"
     force: true
     backup: true
-    validate: "sshd -t %s"
+    validate: "sshd -t -f %s"
   register: ssh_authenticator
   tags:
     - lan
-    - ssh_secure_auth
+    - ssh_secure_auth
+- name: Allowing sole SSH access to users in group remote
+  when: ansible_facts["system"] == "Linux"
+  become: true
+  ansible.builtin.template:
+    src: sshd_config.d/allowance.conf.j2 # @TODO create corresponding role template file
+    dest: /etc/ssh/sshd_config.d/allowance.conf
+    owner: root
+    group: root
+    mode: "644"
+    force: true
+    backup: true
+    validate: "sshd -t -f %s"
+  register: ssh_gatekept
+  tags:
+    - lan